My implementation of the Content Security Policy server logic for WordPress is now available as a WordPress Plugin.
Fig. 1 – CSP configuration page making a policy recommendation.
Fig. 2 – New panel in media uploader allows direct creation of script files in the uploads directory.
Hi Brandon!
Well done on CSP! I was wondering how CSP copes with return-to-JavaScript attacks (i.e. code injections that are based on legitimate white-listed code). You can find more at:
http://www.ics.forth.gr/~elathan/publications/w2sp09.pdf
http://www.ics.forth.gr/~elathan/publications/webapps10.pdf
Regards,
Elias